From 8d524301c8b44fc2dcb10712886bb24e8ea0f7b4 Mon Sep 17 00:00:00 2001 From: Lance Date: Sun, 19 Nov 2006 06:08:49 +0000 Subject: * Hack protection from packet monkeys in clif_parse_NpcSelectMenu. modified Changelog-Trunk.txt modified src/map/clif.c modified src/map/map.h modified src/map/script.c git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@9261 54d463be-8e91-2dee-dedb-b68131a5f0ec --- src/map/clif.c | 11 +++++++++-- src/map/map.h | 2 +- src/map/script.c | 14 ++++++++++++-- 3 files changed, 22 insertions(+), 5 deletions(-) (limited to 'src/map') diff --git a/src/map/clif.c b/src/map/clif.c index 293242c41..28e3f0ecd 100644 --- a/src/map/clif.c +++ b/src/map/clif.c @@ -10059,10 +10059,17 @@ void clif_parse_WeaponRefine(int fd, struct map_session_data *sd) { */ void clif_parse_NpcSelectMenu(int fd,struct map_session_data *sd) { + unsigned char select; RFIFOHEAD(fd); - sd->npc_menu=RFIFOB(fd,6); - npc_scriptcont(sd,RFIFOL(fd,2)); + select = RFIFOB(fd,6); + if((select > sd->max_menu && select != 0xff) || !select){ + ShowWarning("Hack on NPC Select Menu: %s (AID: %d)!\n",sd->status.name,sd->bl.id); + clif_GM_kick(sd,sd,0); + } else { + sd->npc_menu=select; + npc_scriptcont(sd,RFIFOL(fd,2)); + } } /*========================================== diff --git a/src/map/map.h b/src/map/map.h index 882a91882..934acb31f 100644 --- a/src/map/map.h +++ b/src/map/map.h @@ -627,7 +627,7 @@ struct map_session_data { unsigned int client_tick; int npc_id,areanpc_id,npc_shopid; int npc_item_flag; //Marks the npc_id with which you can use items during interactions with said npc (see script command enable_itemuse) - int npc_menu; + int npc_menu, max_menu; int npc_amount; struct script_state *st; char npc_str[256]; diff --git a/src/map/script.c b/src/map/script.c index 8afd23e26..27ea71cbb 100644 --- a/src/map/script.c +++ b/src/map/script.c @@ -4127,7 +4127,7 @@ int buildin_close2(struct script_state *st) int buildin_menu(struct script_state *st) { char *buf; - int len,i; + int len,i, max = 1; struct map_session_data *sd = script_rid2sd(st); nullpo_retr(0, sd); @@ -4154,6 +4154,11 @@ int buildin_menu(struct script_state *st) strcat(buf,":"); } } + for(i=0; (unsigned int)i < strlen(buf); i++){ + if(buf[i] == ':') + max++; + } + sd->max_menu = max; clif_scriptmenu(script_rid2sd(st),st->oid,buf); aFree(buf); } else if(sd->npc_menu==0xff){ // cansel @@ -10278,7 +10283,7 @@ int buildin_jump_zero(struct script_state *st) { int buildin_select(struct script_state *st) { char *buf; - int len,i; + int len,i,max = 1; struct map_session_data *sd; sd=script_rid2sd(st); @@ -10296,6 +10301,11 @@ int buildin_select(struct script_state *st) strcat(buf,st->stack->stack_data[i].u.str); strcat(buf,":"); } + for(i=0; (unsigned int)i < strlen(buf); i++){ + if(buf[i] == ':') + max++; + } + sd->max_menu = max; clif_scriptmenu(script_rid2sd(st),st->oid,buf); aFree(buf); } /*else if(sd->npc_menu==0xff){ // Cancel will be parsed since this is select() [Lance] -- cgit v1.2.3-70-g09d2